Book Description
Actionable guidance and expert perspective for real-world cybersecurity
The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.
Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.
- Learn how cyber risk management can be integrated to better protect your enterprise
- Design and benchmark new and improved practical counter-cyber capabilities
- Examine planning and implementation approaches, models, methods, and more
- Adopt a new cyber risk maturity model tailored to your enterprise needs
The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.
Table of Contents
- Foreword The State of Cybersecurity
- About the Editor
- List of Contributors
- Chapter 1: Introduction
- Chapter 2: Board Cyber Risk Oversight: What Needs to Change?
  - What Are Boards Expected to Do Now?
  - What Barriers to Action Will Well-Intending Boards Face?
  - What Practical Steps Should Boards Take Now to Respond?
  - Cybersecurity—The Way Forward
  - About Risk Oversight Solutions Inc.
  - About Tim J. Leech, FCPA, CIA, CRMA, CFE
  - About Lauren C. Hanlon, CPA, CIA, CRMA, CFE
- Chapter 3: Principles Behind Cyber Risk Management
- Chapter 4: Cybersecurity Policies and Procedures
  - Social Media Risk Policy
  - Ransomware Risk Policies and Procedures
  - Cloud Computing and Third-Party Vendors
  - Big Data Analytics
  - The Internet of Things
  - Mobile or Bring Your Own Devices (BYOD)
  - About IRM
  - About Elliot Bryan, BA (Hons), ACII
  - About Alexander Larsen, FIRM, President of Baldwin Global Risk Services
- Chapter 5: Cyber Strategic Performance Management
- Chapter 6: Standards and Frameworks for Cybersecurity
- Chapter 7: Identifying, Analyzing, and Evaluating Cyber Risks
- Chapter 8: Treating Cyber Risks
- Chapter 9: Treating Cyber Risks Using Process Capabilities
- Chapter 10: Treating Cyber Risks—Using Insurance and Finance
- Chapter 11: Monitoring and Review Using Key Risk Indicators (KRIs)
- Chapter 12: Cybersecurity Incident and Crisis Management
- Chapter 13: Business Continuity Management and Cybersecurity
- Chapter 14: External Context and Supply Chain
- Chapter 15: Internal Organization Context
- Chapter 16: Culture and Human Factors
- Chapter 17: Legal and Compliance
- Chapter 18: Assurance and Cyber Risk Management
- Chapter 19: Information Asset Management for Cyber
- Chapter 20: Physical Security
  - Tom Commits to a Plan
  - Get a Clear View on the Physical Security Risk Landscape and the Impact on Cybersecurity
  - Manage or Review the Cybersecurity Organization
  - Design or Review Integrated Security Measures
  - Reworking the Data Center Scenario
  - Calculate or Review Exposure to Adversary Attacks
  - Optimize Return on Security Investment
  - About Radar Risk Group
  - About Inge Vandijck
  - About Paul van Lerberghe
- Chapter 21: Cybersecurity for Operations and Communications
  - Do You Know What You Do Not Know?
  - Threat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You?
  - Data and Its Integrity—Does Your Risk Analysis Produce Insight?
  - Digital Revolution—What Threats Will Emerge as Organizations Continue to Digitize?
  - Changes—How Will Your Organization or Operational Changes Affect Risk?
  - People—How Do You Know Whether an Insider or Outsider Presents a Risk?
  - What’s Hindering Your Cybersecurity Operations?
  - Challenges from Within
  - What to Do Now
  - About EY
  - About Chad Holmes
  - About James Phillippe
- Chapter 22: Access Control
- Chapter 23: Cybersecurity Systems: Acquisition, Development, and Maintenance
- Chapter 24: People Risk Management in the Digital Age
- Chapter 25: Cyber Competencies and the Cybersecurity Officer
- Chapter 26: Human Resources Security
- Title: The Cyber Risk Handbook
- Release date: May 2017
- Publisher(s): Wiley
- ISBN: 9781119308805